Re: [Bug 1890360] [NEW] Assertion failure in address_space

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through

From:	Alexander Bulekov
Subject:	Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
Date:	Tue, 4 Aug 2020 22:00:59 -0400
User-agent:	NeoMutt/20180716

Hi Stefan,
This looks an awful lot like the one you looked at here:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg705719.html
though this one is for virtio-pci, while that one was for virtio-mmio:

They are probably the same issue, but the original reproducer no longer
causes an asserion failure for me, so maybe there was already a fix..
-Alex

On 200805 0116, Alexander Bulekov wrote:
> Public bug reported:
> 
> Hello,
> Reproducer:
> cat << EOF | ./i386-softmmu/qemu-system-i386 \
> -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
> -device virtio-blk,drive=mydrive \
> -nodefaults -nographic -qtest stdio
> outl 0xcf8 0x80001010
> outl 0xcfc 0xc001
> outl 0xcf8 0x80001014
> outl 0xcf8 0x80001004
> outw 0xcfc 0x7
> outl 0xc006 0x3aff9090
> outl 0xcf8 0x8000100e
> outl 0xcfc 0x41005e1e
> write 0x3b00002 0x1 0x5e
> write 0x3b00004 0x1 0x5e
> write 0x3aff5e6 0x1 0x11
> write 0x3aff5eb 0x1 0xc6
> write 0x3aff5ec 0x1 0xc6
> write 0x7 0x1 0xff
> write 0x8 0x1 0xfb
> write 0xc 0x1 0x11
> write 0xe 0x1 0x5e
> write 0x5e8 0x1 0x11
> write 0x5ec 0x1 0xc6
> outl 0x410e 0x10e
> EOF
> 
> 
> qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void 
> *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
> ==789== ERROR: libFuzzer: deadly signal
>     #8  in __assert_fail /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
>     #9  in address_space_unmap /exec.c:3623:9
>     #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
>     #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
>     #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
>     #13 in virtqueue_push /hw/virtio/virtio.c:917:5
>     #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
>     #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
>     #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
>     #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
>     #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
>     #19 in aio_dispatch_handler /util/aio-posix.c:328:9
>     #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
>     #21 in aio_dispatch /util/aio-posix.c:381:5
>     #22 in aio_ctx_dispatch /util/async.c:306:5
>     #23 in g_main_context_dispatch
> 
> 
> With -trace virtio\*
> 
> ...
> [S +0.099667] OK
> [R +0.099681] write 0x5ec 0x1 0xc6
> OK
> [S +0.099690] OK
> [R +0.099700] outl 0x410e 0x10e
> 29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 
> 0x7f9b93fc9800
> 29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
> OK
> [S +0.099833] OK
> 29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 
> 0x7f9b93fc9800
> 29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 
> 0x611000043e80 sector 0 nsectors 0
> 29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 
> 0x611000043e80 status 1
> qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: 
> void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): 
> Assertion `mr != NULL' failed.
> 
> 
> -Alex
> 
> ** Affects: qemu
>      Importance: Undecided
>          Status: New
> 
> -- 
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1890360
> 
> Title:
>   Assertion failure in address_space_unmap through virtio-blk
> 
> Status in QEMU:
>   New
> 
> Bug description:
>   Hello,
>   Reproducer:
>   cat << EOF | ./i386-softmmu/qemu-system-i386 \
>   -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
>   -device virtio-blk,drive=mydrive \
>   -nodefaults -nographic -qtest stdio
>   outl 0xcf8 0x80001010
>   outl 0xcfc 0xc001
>   outl 0xcf8 0x80001014
>   outl 0xcf8 0x80001004
>   outw 0xcfc 0x7
>   outl 0xc006 0x3aff9090
>   outl 0xcf8 0x8000100e
>   outl 0xcfc 0x41005e1e
>   write 0x3b00002 0x1 0x5e
>   write 0x3b00004 0x1 0x5e
>   write 0x3aff5e6 0x1 0x11
>   write 0x3aff5eb 0x1 0xc6
>   write 0x3aff5ec 0x1 0xc6
>   write 0x7 0x1 0xff
>   write 0x8 0x1 0xfb
>   write 0xc 0x1 0x11
>   write 0xe 0x1 0x5e
>   write 0x5e8 0x1 0x11
>   write 0x5ec 0x1 0xc6
>   outl 0x410e 0x10e
>   EOF
> 
>   
>   qemu-fuzz-i386: /exec.c:3623: void address_space_unmap(AddressSpace *, void 
> *, hwaddr, _Bool, hwaddr): Assertion `mr != NULL' failed.
>   ==789== ERROR: libFuzzer: deadly signal
>       #8  in __assert_fail 
> /build/glibc-GwnBeO/glibc-2.30/assert/assert.c:101:3
>       #9  in address_space_unmap /exec.c:3623:9
>       #10 in dma_memory_unmap /include/sysemu/dma.h:145:5
>       #11 in virtqueue_unmap_sg /hw/virtio/virtio.c:690:9
>       #12 in virtqueue_fill /hw/virtio/virtio.c:843:5
>       #13 in virtqueue_push /hw/virtio/virtio.c:917:5
>       #14 in virtio_blk_req_complete /hw/block/virtio-blk.c:83:5
>       #15 in virtio_blk_handle_request /hw/block/virtio-blk.c:671:13
>       #16 in virtio_blk_handle_vq /hw/block/virtio-blk.c:780:17
>       #17 in virtio_queue_notify_aio_vq /hw/virtio/virtio.c:2324:15
>       #18 in virtio_queue_host_notifier_aio_read /hw/virtio/virtio.c:3495:9
>       #19 in aio_dispatch_handler /util/aio-posix.c:328:9
>       #20 in aio_dispatch_handlers /util/aio-posix.c:371:20
>       #21 in aio_dispatch /util/aio-posix.c:381:5
>       #22 in aio_ctx_dispatch /util/async.c:306:5
>       #23 in g_main_context_dispatch
> 
>   
>   With -trace virtio\*
> 
>   ...
>   [S +0.099667] OK
>   [R +0.099681] write 0x5ec 0x1 0xc6
>   OK
>   [S +0.099690] OK
>   [R +0.099700] outl 0x410e 0x10e
>   29575@1596590112.074339:virtio_queue_notify vdev 0x62d000030590 n 0 vq 
> 0x7f9b93fc9800
>   29575@1596590112.074423:virtio_blk_data_plane_start dataplane 0x60600000f260
>   OK
>   [S +0.099833] OK
>   29575@1596590112.076459:virtio_queue_notify vdev 0x62d000030590 n 0 vq 
> 0x7f9b93fc9800
>   29575@1596590112.076642:virtio_blk_handle_read vdev 0x62d000030590 req 
> 0x611000043e80 sector 0 nsectors 0
>   29575@1596590112.076651:virtio_blk_req_complete vdev 0x62d000030590 req 
> 0x611000043e80 status 1
>   qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/exec.c:3623: 
> void address_space_unmap(AddressSpace *, void *, hwaddr, _Bool, hwaddr): 
> Assertion `mr != NULL' failed.
> 
>   
>   -Alex
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1890360/+subscriptions
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk, Alexander Bulekov, 2020/08/04
- Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk, Alexander Bulekov <=
  - Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk, Stefan Hajnoczi, 2020/08/05
- [Bug 1890360] Re: Assertion failure in address_space_unmap through virtio-blk, Stefan Hajnoczi, 2020/08/12

Prev by Date: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
Next by Date: Re: device compatibility interface for live migration with assigned devices
Previous by thread: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
Next by thread: Re: [Bug 1890360] [NEW] Assertion failure in address_space_unmap through virtio-blk
Index(es):
- Date
- Thread